alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-11 21:10:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
44,576 Commits 21 Branches 167 Tags
dadcc7b9f3c8efdab126d03e575b258a663f23db
Commit Graph

420 Commits

Author SHA1 Message Date
Laukik Hase
12e2df2d74 feat(esp_tee): Support for ESP32-H2 - the rest of the components 2025-05-20 16:31:23 +05:30
harshal.patil
0154c7cfe3 fix(mbedtls): Enable signature verification s/w fallback when ECDSA curve is disabled 2025-05-14 12:31:56 +05:30
Laukik Hase
d116567a66 refactor(esp_tee): Update TEE secure storage interface APIs 2025-05-04 18:03:29 +05:30
Aditya Patwardhan
d3e3790fc9 Merge branch 'fix/refactor_source_code_and_comments' into 'master' 
fix(hal): updated API description and added comments

Closes IDF-12618

See merge request espressif/esp-idf!38415
 2025-04-30 18:26:57 +08:00
Mahavir Jain
ff555428d1 Merge branch 'feat/dynamic_buffer_tls1.3' into 'master' 
feat(mbedtls): add support for dynamic buffer for TLS1.3

Closes IDFGH-14708, IDF-12469, IDF-9178, and IDF-1725

See merge request espressif/esp-idf!38258
 2025-04-30 17:52:43 +08:00
nilesh.kale
f19e8e6970 fix: re-enabled ecdsa support for esp32c5-eco2 2025-04-28 20:58:09 +05:30
Ashish Sharma
415e0f3c86 feat(mbedtls): add support for dynamic buffer for TLS1.3 
Closes https://github.com/espressif/esp-idf/issues/15448
 2025-04-24 12:05:36 +08:00
harshal.patil
b0d9ccf6e3 fix(mbedtls): Fix config dependencies when ROM mbedtls is used 2025-04-21 13:38:29 +05:30
Laukik Hase
1c4969bc47 feat(esp_security): Add a TEE-specific crypto lock layer with stub implementations 2025-04-16 19:19:03 +05:30
nilesh.kale
d9f03d7f28 fix(hal): updated API description and added comments 2025-04-15 14:58:53 +05:30
Laukik Hase
1c6405eb9b Merge branch 'fix/esp_tee_coverity_bugs' into 'master' 
fix(security): Fixed coverity warnings related to the `esp_tee` component

Closes IDF-12803, IDF-12804, and IDF-12826

See merge request espressif/esp-idf!38360
 2025-04-14 15:05:27 +08:00
Laukik Hase
13aff0b216 fix(security): Fixed coverity warnings related to the esp_tee component 
- Also, disable the SECP192R1 curve (Mbed TLS config) when TEE Secure Storage
  does not require it
 2025-04-14 10:12:51 +05:30
Ashish Sharma
b62e486247 fix(component/mbedtls): Fix failing cert verification with TLS1.3 and DS peripheral 2025-04-11 18:34:16 +08:00
Laukik Hase
3e95020c59 refactor(esp_security): Introduce dedicated APIs for crypto clock configuration 2025-04-04 10:31:27 +05:30
Laukik Hase
3fd107aa04 feat(mbedtls): Add support for ECDSA signing with TEE secure storage 2025-04-03 15:35:15 +05:30
Ashish Sharma
b126ebb596 feat(mbedtls): new config to allow weak cert verification 2025-03-28 15:46:48 +08:00
Mahavir Jain
8e4cbdfe36 Merge branch 'feat/configurable_mbedtls_sha1' into 'master' 
feat(mbedtls): Make mbedtls SHA1 support configurable

See merge request espressif/esp-idf!37795
 2025-03-24 17:38:05 +08:00
Mahavir Jain
ce7ec7f19f Merge branch 'feature/enable_hmac_and_ds_support_for_esp32h21' into 'master' 
feat: enabled hmac and ds support in esp32h21

Closes IDF-11495 and IDF-11497

See merge request espressif/esp-idf!37085
 2025-03-21 17:23:46 +08:00
Laukik Hase
98e16412a7 refactor(esp_tee): Use the AES-GCM port layer for operations in the TEE 2025-03-19 14:30:52 +05:30
harshal.patil
e442f11320 feat(mbedtls): Make mbedtls SHA1 support configurable 2025-03-19 14:28:40 +05:30
nilesh.kale
f794eb9b2d feat: enabled hmac and ds support in esp32h21 
This commit enables support for HMAC and DS in ESP32H21
 2025-03-13 10:23:11 +05:30
Laukik Hase
26fa7109f3 fix(esp_tee): Protect the AES/SHA clock registers from REE access 2025-02-25 16:49:08 +05:30
harshal.patil
d403005afc change(mbedtls/sha): Change the legacy formatting in the SHA port layers 2025-02-11 11:04:57 +05:30
harshal.patil
2717e5b62e fix(mbedtls/sha): Fix some local variable's types to avoid any substraction overflow error 
- Though such a case would not occur given the way it is used the driver layer
 2025-02-11 10:58:16 +05:30
harshal.patil
7d8211bf87 feat(mbedtls): Support both SHA block and DMA modes during runtime 
Dynamically switch the SHA operation modes based on the buffer operating length
 2025-02-04 16:49:30 +05:30
harshal.patil
37de702e97 feat(nvs_flash): Enable the usage of mbedtls from ROM for bootloader NVS decryption 
Bootloader NVS decryption uses hardware ROM APIs to decrypt the NVS contents,
but for targets that do not support AES hardware we could benefit by using the
software mbedtls library that is present in the ROM directly.
 2025-01-29 18:51:29 +05:30
Aditya Patwardhan
bef2a72ecb fix(hal): Make the ECDSA countermeasure dynamically applicable 
This commit makes the ECDSA countermeasure dynamically applicable
    across different revisions of the ESP32H2 SoC.
 2025-01-24 11:50:17 +08:00
Mahavir Jain
6875cbf022 feat(ecc): enable ECC constant time mode for ESP32-H2 ECO5 2025-01-24 11:50:17 +08:00
harshal.patil
c6ea979efa feat(hal/aes): Enable pseudo rounds function during AES operations 2024-12-03 11:17:54 +05:30
Laukik Hase
05e31e5148 feat(esp_tee): Support for ESP-TEE - mbedtls component 2024-12-02 12:20:02 +05:30
harshal.patil
2560484e4a fix(mbedtls/port): Fixed overflowed constant in esp_mpi_exp_mpi_mod_hw_op() 2024-11-27 11:39:42 +05:30
harshal.patil
f62bb46b48 fix(mbedtls/aes): Fix external memory corruption caused due to unaligned length cache sync 
Fixes the memory corruption issue that arises due to external memory cache sync of unaligned
length bytes when L2 cache line size is greater than the L1 cache line size
 2024-11-14 15:03:19 +05:30
harshal.patil
7786cbe2c8 docs(mem_alloc): Fix typo to make a section visible for non-esp32 spiram targets 2024-11-05 10:56:20 +05:30
harshal.patil
4cdfdac18c fix(mbedtls): Fix the increase in build size of mbedtls when upgrading to v3.x 2024-10-24 14:45:57 +05:30
harshal.patil
3957e59f1a feat(mbedtls/esp_crt_bundle): Move dummy cert to .rodata to save 408B from dram 
Co-authored-by: Hanno <h.binder@web.de>
 2024-10-16 16:21:28 +05:30
Aditya Patwardhan
1b770c3931 fix(mbedtls): Fix the MBEDTLS_FS_IO dependency on vfs 
By default MBEDTLS_FS_IO option in mbedtls uses the filesystem supported
added by vfs component.
If the vfs support is disabled by user then mbedtls raises a warning
that the filesystem realted operation shall always fail
This commit fixes the behaviour by enabling respective depedency check for the
MBEDTLS_FS_IO option

Closes https://github.com/espressif/esp-idf/issues/14409
 2024-09-30 13:43:29 +05:30
Mahavir Jain
bfd4085bea Merge branch 'feat/support_ecc_constant_time_mul_operations' into 'master' 
feat(mbedtls/ecc): Support ECC hardware constant-time point multiplication operations

Closes IDF-10327

See merge request espressif/esp-idf!31888
 2024-09-25 12:53:45 +08:00
Aditya Patwardhan
11128b73f5 feat(hal): Add countermeasure for ECDSA generate signature 
The ECDSA peripheral before ECO5 of esp32h2 does not perform the ECDSA
    sign operation in constant time. This allows an attacker to read the
    power signature of the ECDSA sign operation and then calculate the
    ECDSA key stored inside the eFuse. The commit adds a countermeasure
    for this attack. In this case the real ECDSA sign operation is
    masked under dummy ECDSA sign operations to hide its real power
    signature
 2024-09-23 18:55:43 +08:00
harshal.patil
46cbaa7d4d fix(mbedtls/ecc): Enable hardware ECC mult operations only for SOC_ECC_CONSTANT_TIME_MUL 
Co-authored-by: aditya.patwardhan <aditya.patwardhane@espressif.com>
 2024-09-20 18:46:55 +05:30
Mahavir Jain
a71e0fc028 Merge branch 'feature/enable_sha_support_for_esp32c61' into 'master' 
feat: enable support for sha peripheral in esp32c61

Closes IDF-9234

See merge request espressif/esp-idf!32830
 2024-09-20 13:22:14 +08:00
Mahavir Jain
f5b55b2967 Merge branch 'fix/ecdsa_verify_check_hash_len' into 'master' 
Wrap some mbedtls' ECDSA verification related APIs

See merge request espressif/esp-idf!33349
 2024-09-20 12:38:10 +08:00
nilesh.kale
12fc7a677e feat: enable support for sha peripheral in esp32c61 2024-09-11 14:49:01 +05:30
Jiang Guang Ming
5bb93061a3 feat(mbedtls): support rom mbedtls threading layer 2024-09-06 19:27:57 +08:00
Jiang Guang Ming
d74ff5224c feat(mbedtls): support ROM mbedtls v3.6.0 on C2 rev2.0(ECO4) 2024-09-06 09:55:27 +08:00
harshal.patil
c4f60d91f1 feat(mbedtls): Wrap mbedtls_ecdsa_read_signature to use ECDSA hardware when possible 2024-09-05 16:27:58 +05:30
harshal.patil
331fd7f79f fix(mbedtls/port): Check signature hash length before using ECDSA hardware 2024-09-05 16:27:58 +05:30
harshal.patil
c94986d793 fix(mbedtls): Fix https_request example build failure for mbedtls_config 
- This was caused due to some mbedtls confisg being defined but their all prerequisites were not
 2024-08-27 14:09:21 +05:30
Richard Allen
0b51c24238 change(mbedtls/port): optimize gcm_mult() 
1) pre-shift GCM last4 to use 32-bit shift

On 32-bit architectures like Aarch32, RV32, Xtensa,
shifting a 64-bit variable by 32-bits is free,
since it changes the register representing half of the 64-bit var.
Pre-shift the last4 array to take advantage of this.

2) unroll first GCM iteration

The first loop of gcm_mult() is different from
the others. By unrolling it separately from the
others, the other iterations may take advantage
of the zero-overhead loop construct, in addition
to saving a conditional branch in the loop.
 2024-08-20 16:44:56 +08:00
Mahavir Jain
0aeb9653e7 Merge branch 'fix/avoid_extra_c2m_msync_in_aes_driver' into 'master' 
fix(mbedtls/aes): Avoid extra C2M sync of memory

See merge request espressif/esp-idf!32599
 2024-08-08 17:04:14 +08:00
harshal.patil
b9dc847ee2 fix(mbedtls/aes): Avoid extra C2M sync of memory 2024-08-08 09:12:31 +05:30